Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-49

EC-Council 312-49 Exam
Computer Hacking Forensic Investigator (Page 20 )

Updated On: 9-Feb-2026
Page 20 of 108
PDF with 704 Questions

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

  1. 10
  2. 25
  3. 110
  4. 135

Answer(s): B



This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

  1. Master Boot Record (MBR)
  2. Master File Table (MFT)
  3. File Allocation Table (FAT)
  4. Disk Operating System (DOS)

Answer(s): C



What should you do when approached by a reporter about a case that you are working on or have worked on?

  1. Refer the reporter to the attorney that retained you
  2. Say, "no comment"
  3. Answer all the reporter’s questions as completely as possible
  4. Answer only the questions that help your case

Answer(s): A



Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?

  1. Sector
  2. Metadata
  3. MFT
  4. Slack Space

Answer(s): D



A state department site was recently attacked and all the servers had their disks erased. The incident response team sealed the area and commenced investigation. During evidence collection they came across a zip disks that did not have the standard labeling on it. The incident team ran the disk on an isolated system and found that the system disk was accidentally erased. They decided to call in the FBI for further investigation.
Meanwhile, they short listed possible suspects including three summer interns. Where did the incident team go wrong?

  1. They examined the actual evidence on an unrelated system
  2. They attempted to implicate personnel without proof
  3. They tampered with evidence by using it
  4. They called in the FBI without correlating with the fingerprint data

Answer(s): C






Post your Comments and Discuss EC-Council 312-49 exam prep with other Community members:

Join the 312-49 Discussion